lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
Date:   Thu, 5 Apr 2018 13:51:28 +0200
From:   Hans de Goede <hdegoede@...hat.com>
To:     Peter Jones <pjones@...hat.com>
Cc:     Ard Biesheuvel <ard.biesheuvel@...aro.org>,
        "Luis R . Rodriguez" <mcgrof@...nel.org>,
        Greg Kroah-Hartman <gregkh@...uxfoundation.org>,
        Thomas Gleixner <tglx@...utronix.de>,
        Ingo Molnar <mingo@...hat.com>,
        "H . Peter Anvin" <hpa@...or.com>, linux-kernel@...r.kernel.org,
        Dave Olsthoorn <dave@...aar.me>, x86@...nel.org,
        linux-efi@...r.kernel.org
Subject: Re: [PATCH 2/2] efi: Add embedded peripheral firmware support

Hi,

On 03-04-18 21:53, Peter Jones wrote:
> On Sat, Mar 31, 2018 at 02:19:44PM +0200, Hans de Goede wrote:
>> diff --git a/drivers/firmware/efi/efi.c b/drivers/firmware/efi/efi.c
>> index fddc5f706fd2..1a5ea950f58f 100644
>> --- a/drivers/firmware/efi/efi.c
>> +++ b/drivers/firmware/efi/efi.c
>> @@ -455,6 +455,7 @@ int __init efi_mem_desc_lookup(u64 phys_addr, efi_memory_desc_t *out_md)
>>   		u64 end;
>>   
>>   		if (!(md->attribute & EFI_MEMORY_RUNTIME) &&
>> +		    md->type != EFI_BOOT_SERVICES_CODE &&
>>   		    md->type != EFI_BOOT_SERVICES_DATA &&
>>   		    md->type != EFI_RUNTIME_SERVICES_DATA) {
>>   			continue;
> 
> Might be worth adding a comment here to ensure nobody comes along later
> and adds something like EFI_BOOT_LOADER_DATA or other stuff that's
> allocated later here.  I don't want to accidentally patch our way into
> having the ability to stumble across a firmware blob somebody dumped
> into the middle of a grub config file, especially since you only need to
> collide crc32 (within the same length) to pre-alias a match.

As discussed elsewhere in the thread, I'm going to switch to doing a
kmemdup on the found firmware, so this chunk will go away :)

> 
> ...
>> +static int __init efi_check_md_for_embedded_firmware(
>> +	efi_memory_desc_t *md, const struct embedded_fw_desc *desc)
>> +{
> ...
>> +	if (found_fw_count >= MAX_EMBEDDED_FIRMWARES) {
>> +		pr_err("Error already have %d embedded firmwares\n",
>> +		       MAX_EMBEDDED_FIRMWARES);
>> +		return -ENOSPC;
>> +	}
> 
> Doesn't seem like this needs to be pr_err(); after all we have already
> found a valid match, so the firmware vendor has done something
> moderately stupid, but we have a firmware that will probably work.  Of
> course it still needs to return != 0, but pr_warn() or even pr_info()
> seems more reasonable.

We break from the search loop as soon as a firmware is found, this can
only trigger if someone adds a second firmware to the dmi data and then
does not update MAX_EMBEDDED_FIRMWARES...

But mcgrof wants me to switch to a linked list here, so this is going
away too.

> Aside from those nits, looks good to me.
> 
> Reviewed-by: Peter Jones <pjones@...hat.com>

Thanks, but v2 is going to have so much changes that I don't feel
comfortable bringing this forward to v2.

Regards,

Hans

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ